Hi,

I am trying a few things. After packet sniffing I can see that the Windows AD is refusing to answer the IPA server's queries, but just for that particular reverse zone, so I have a change control / fault ticket into our control system for our MS operations people to look at and fix that.

I did consider just putting such a setting in named.conf, but was concerned that it was not the "right way". At the moment I have created a reverse zone inside IPA. When I get the above config/fault issue fixed, moving forward I would like to do as much as possible inside the FreeIPA GUI, because the thought of letting our Windows people near a CLI gives me the shivers.

I have no idea how to do a doc ticket, but I do think the DNS section of the FreeIPA doc needs expanding. Also some use cases; mine could well be typical of the hoops a customer has to jump through to make IPA work with an existing AD setup/site. I'm not sure if what I am doing is the best way.

regards

Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272

________________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Dmitri Pal [d...@redhat.com]
Sent: Tuesday, 22 November 2011 5:50 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] FreeIPA's 'DNS'

On 11/21/2011 05:29 AM, Sigbjorn Lie wrote:
> Hi,
>
> Why not use a forwarders statement in the named.conf? Works for me.
>
>     // hand every query for this reverse zone to the servers that hold it
>     zone "11.168.192.in-addr.arpa." in {
>         type forward;
>         forwarders { 192.168.1.1; 192.168.1.2; };
>     };
>

Steven,

Can you please confirm that it works for you? In the short term we should document this, so if it works can you please open a doc ticket or BZ?

Long term we should probably extend the LDAP driver, store this information in LDAP, and allow it to be configured via the IPA UI/CLI. If this makes sense let us open a ticket for that too.

Thanks
Dmitri

> Rgds,
> Siggi
>
> On Mon, November 21, 2011 00:56, Steven Jones wrote:
>> Nope, won't work. I can't seem to specify the remote AD nameservers.
>>
>> regards
>> Steven Jones
>>
>> ________________________________________
>> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones [steven.jo...@vuw.ac.nz]
>> Sent: Monday, 21 November 2011 12:52 p.m.
>> To: freeipa-users@redhat.com
>> Subject: Re: [Freeipa-users] FreeIPA's "DNS"
>>
>> In the DNS tab there is an "add".
>>
>> So if I wanted a slave reverse zone that is in the range 10.2.1.0 but looked after by a remote host, I would:
>>
>> click on the reverse zone IP network radio button,
>>
>> put in the zone name of 0.1.2.10.in-addr.arpa,
>>
>> for the authoritative nameserver put in the two remote AD DNS servers' IPs 10.2.1.5 10.2.1.6 (space delimited? comma delimited? can I put only one?)
>>
>> and hit add?
>>
>> Um, I think the DNS section is a little light on using it.
>>
>> regards
>> Steven Jones
>>
>> ________________________________________
>> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones [steven.jo...@vuw.ac.nz]
>> Sent: Monday, 21 November 2011 12:38 p.m.
>> To: freeipa-users@redhat.com
>> Subject: [Freeipa-users] FreeIPA's "DNS"
>>
>> Hi,
>>
>> I am trying to get my head around making DNS and IPA work in an existing Microsoft AD / DNS site.
>>
>> Initially I am setting up a proof of concept. I will be delegating unix.vuw.ac.nz as a sub-zone from vuw.ac.nz; this will hold all the Linux/Unix servers. IPA's DNS is forwarded to the main DNS servers.
>>
>> My problem is the reverse zones. The remote AD masters hold the reverse zones, so IPA has to query these if it needs to do a reverse lookup. This doesn't seem to be happening, i.e. running "host 10.1.1.5" on the IPA master fails. I assume I need this to work, so what's the best way?
>>
>> Set the IPA DNS service as a slave of the Microsoft AD reverse zones? If so, how do I set this up? As per normal, i.e. edit the named.conf directly? Or do I do that from inside IPA? (Can't see how just yet.)
>>
>> Or is there a better method?
>>
>> Or does it matter if reverse lookups won't work?
>>
>> regards
>> Steven Jones
>>

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
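The two practical questions in the thread are what the reverse zone is actually called and how to write the named.conf stanza Sigbjorn suggests without mis-typing it. The script below is an added example, not code from the thread or from the FreeIPA project: it derives the in-addr.arpa name for an octet-aligned network (for a /24 that is the three high octets reversed, so 10.2.1.0/24 gives 1.2.10.in-addr.arpa., and Sigbjorn's 11.168.192.in-addr.arpa. is 192.168.11.0/24) and prints the forward-zone block. The addresses 10.2.1.0/24, 10.2.1.5 and 10.2.1.6 are the ones quoted in the thread and are used purely as illustration; the `forward only;` line is my addition and is explained in the comments.

```shell
#!/bin/sh
# Added example, not code from the thread: derive the in-addr.arpa name for an
# octet-aligned IPv4 network and emit a BIND "type forward" stanza like the one
# in Sigbjorn's reply. Addresses below (10.2.1.0/24, 10.2.1.5, 10.2.1.6) are the
# ones quoted in the thread and are used purely as illustration.

# reverse_zone_name NETWORK/PREFIX
#   prints the reverse zone name, e.g. 10.2.1.0/24 -> 1.2.10.in-addr.arpa.
#   Only /8, /16 and /24 are accepted: anything else is not a single
#   in-addr.arpa zone and needs RFC 2317 style delegation instead.
reverse_zone_name() {
    net=${1%/*}
    prefix=${1#*/}
    case "$prefix" in
        8)  keep=1 ;;
        16) keep=2 ;;
        24) keep=3 ;;
        *)  echo "reverse_zone_name: unsupported prefix '/$prefix' (use /8, /16 or /24)" >&2
            return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $net            # $1..$4 are now the dotted-quad octets
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "reverse_zone_name: bad address '$net'" >&2; return 1; }
    case "$keep" in
        1) name=$1 ;;
        2) name=$2.$1 ;;
        3) name=$3.$2.$1 ;;
    esac
    printf '%s.in-addr.arpa.\n' "$name"
}

# forward_zone_stanza NETWORK/PREFIX FORWARDER_IP...
#   prints a named.conf zone block that hands the reverse zone to the given
#   servers. "forward only" is added deliberately: BIND's default is
#   "forward first", which falls back to normal recursion when the forwarders
#   do not answer, and for an RFC 1918 range that means sending the private
#   address lookups out to the public root/AS112 servers.
forward_zone_stanza() {
    zone=$(reverse_zone_name "$1") || return 1
    shift
    [ $# -ge 1 ] || { echo "forward_zone_stanza: at least one forwarder is required" >&2; return 1; }
    list=""
    for ip in "$@"; do
        list="$list $ip;"
    done
    printf 'zone "%s" in {\n' "$zone"
    printf '    type forward;\n'
    printf '    forward only;\n'
    printf '    forwarders {%s };\n' "$list"
    printf '};\n'
}

# Usage: the two AD DNS servers from the thread, holding 10.2.1.0/24's reverse zone.
forward_zone_stanza 10.2.1.0/24 10.2.1.5 10.2.1.6
```

To reproduce the check Steven did with a sniffer, query the AD server directly and then the IPA server for the same address, e.g. `dig @10.2.1.5 -x 10.1.1.5` followed by `dig @<ipa-master> -x 10.1.1.5`. If the AD server itself answers with status REFUSED, the problem is on the AD side (an allow-query or zone-transfer style restriction that excludes the IPA host), which matches what Steven found; if AD answers but the IPA master returns SERVFAIL or NXDOMAIN, the forwarding on IPA's named is at fault. Note that the stanza's effect is entirely local to the named.conf on the IPA master, so it has to be repeated on every replica that runs DNS, which is exactly the maintenance burden Dmitri's proposal to keep the forwarding in LDAP would remove. Later FreeIPA releases (4.0 and up) did add such an object, `ipa dnsforwardzone-add` with `--forwarder` and `--forward-policy`, but at the time of this thread the named.conf route was the one available.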